Closed Bug 2045953 Opened 3 days ago Closed 19 hours ago

[wpt-sync] Sync PR 60483 - Add rate limiting to pointer lock to prevent abuse

Categories

(Core :: DOM: Events, task, P4)

Product:
Core
Component:
DOM: Events
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
153 Branch
Tracking Flags:
Tracking Status
firefox153 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 60483 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/60483
Details from upstream follow.

Gaston Rodriguez <gastonr@microsoft.com> wrote:

Add rate limiting to pointer lock to prevent abuse

A malicious or misbehaving page can rapidly lock and unlock the pointer
in a tight loop, effectively denying users the ability to provide input.
This tight loop may prevent the user from pressing the Esc key, for
which we provide a "cooldown" before a lock can be re-acquired so that
users may take control of the browser. Additionally, each lock request
generates inter-process messages to the browser process, which
accumulate even when the user switches to a different tab. This floods
the browser with messages and bogs down input processing across the
entire browser.

This scenario is postulated in the spec as a possible security concern
[1], and the spec implies that it is up to the User Agents to implement
some mechanism with which they can protect the users:

Security concern:
Pointer Lock can be called repeated by script after user exits pointer
lock, blocking user from meaningful progress.
Answer:
Repeated escapes of pointer lock can signal user agent to not re-lock
the pointer without more specific user action, e.g. similar to how
Chrome suppresses repeated alert() calls.

With this in mind, this CL implements a rate limiting system in
PointerLockController that tracks recent successful locks. If a page
exceeds a threshold of unlocks within a short time window, all
subsequent pointer lock requests are rejected with a NotAllowedError
until the window clears. The rate limiting is behind a feature flag
(kRateLimitPointerLockRequests) which will be used as a kill switch in
case some issue is found with the implementation.

[1] https://w3c.github.io/pointerlock/#security

Bug: 40056867
Change-Id: Ib504f26f5160fb784a220b30351855c5a74c517f
Reviewed-on: https://chromium-review.googlesource.com/7533521
WPT-Export-Revision: d8d6456606b3132067cb8b8dd7494d3ba03c1609

Component: web-platform-tests → DOM: Events
Product: Testing → Core

The PR was not expected to affect any tests, but the try push wasn't a success. Check the try results for infrastructure issues

Pushed by wptsync@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/eecd632be40e https://hg.mozilla.org/integration/autoland/rev/1046cbe61cce [wpt PR 60483] - Add rate limiting to pointer lock to prevent abuse, a=testonly

Test result changes from PR not available.

https://hg.mozilla.org/mozilla-central/rev/1046cbe61cce

Status: NEW → RESOLVED
Closed: 19 hours ago
status-firefox153: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 153 Branch
You need to log in before you can comment on or make changes to this bug.